Microsoft’s Cyber Defense Operations Center shares best practices

By Rebecca Gibson on 20 January 2017

Microsoft’s Cyber Defense Operations Center (CDOC) has shared its best practices for enterprises that want to protect against, detect and respond to cybersecurity threats in real time.

Opened in November 2015, the 24/7 CDOC facility is staffed by Microsoft’s cybersecurity experts and data scientists who have developed policies and practices to prevent, or quickly resolve, cybersecurity attacks.

Microsoft’s brief includes several practices for protecting against threats, including extensive monitoring and control over the physical infrastructure of its global data centres. The company also uses software-defined networks to block attacks on its cloud infrastructure, while multi-factor authentication controls identity and access management across the infrastructure.

In addition, the Microsoft Security Development Lifecycle is used to harden all applications, online services and products, and its effectiveness is routinely validated through penetration testing and vulnerability scanning. Threat modelling and attack surface analysis ensure that potential threats are assessed and minimised by restricting services or eliminating unnecessary functions.

The Malware Protection Center’s team of researchers also reverse engineers malware and develops signatures that can be deployed across Microsoft’s infrastructure for advanced detection and defence. These signatures are available to millions of customers using Microsoft anti-malware solutions.

“Having a rich set of controls and a defence-in-depth strategy helps ensure that should any one area fail, there are compensating controls in other areas to help maintain the security and privacy of our customers, cloud services, and our own infrastructure environment,” said Kristina Laidler, security principal of Cyber Security Services and Engineering at Microsoft, in a blog post. “Microsoft operates under an Assume Breach posture. This simply means that despite the confidence we have in the defensive protections in place, we assume adversaries can and will find a way to penetrate security perimeters. It is then critical to detect an adversary rapidly and evict them from the network.”

To detect cybersecurity threats, Microsoft monitors its network and physical environments 24/7 using identity and behavioural analytics, and machine learning tools to pinpoint abnormal activity. Advanced analytical tools and processes are deployed to create highly contextualised detections from enormous volumes of data in near real time.

Meanwhile, automated response systems use risk-based algorithms to flag cyber threats that require human intervention. Microsoft’s specialists can also perform deep forensic analysis and enterprise-wide searches across cloud, hybrid and on-premises data and systems to determine the scope of incidents and contain them.
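The two preceding paragraphs describe behavioural analytics feeding an automated, risk-based triage that decides which events need a human. The following Python script is an added illustration of that pattern and is not code from Microsoft or from the CDOC brief: it scores a stream of sign-in events against a per-user baseline (countries and hours seen before, recent failures) and routes each event to log, automated step-up, or analyst escalation. The sample log, the scoring weights and the two thresholds are all constructed for the example.

```python
"""Risk-scored triage of sign-in events against a per-user behavioural baseline.

Added illustration, not Microsoft's code. Each event is scored against what
the user has done before; low scores are handled automatically, high scores
are queued for a human analyst.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log (user,timestamp,country,result); not real telemetry.
SAMPLE_LOG = """\
alice,2017-01-16T09:05:00,GB,success
alice,2017-01-16T09:40:00,GB,success
alice,2017-01-17T08:55:00,GB,success
alice,2017-01-17T13:10:00,GB,failure
alice,2017-01-18T09:15:00,GB,success
alice,2017-01-19T03:12:00,RU,failure
alice,2017-01-19T03:13:00,RU,failure
alice,2017-01-19T03:14:00,RU,failure
alice,2017-01-19T03:16:00,RU,success
bob,2017-01-16T18:30:00,US,success
bob,2017-01-17T18:05:00,US,success
bob,2017-01-18T18:20:00,US,success
bob,2017-01-19T18:40:00,DE,success
"""

ESCALATE_AT = 50              # assumed: score at or above this needs a human
STEP_UP_AT = 20               # assumed: score at or above this triggers automated step-up
BURST_WINDOW = timedelta(minutes=10)


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    failures: list = field(default_factory=list)   # timestamps of failed sign-ins


@dataclass
class Event:
    user: str
    ts: datetime
    country: str
    result: str


def parse_log(text):
    """Parse CSV lines into events and order them as a chronological stream."""
    events = []
    for line in text.strip().splitlines():
        user, ts, country, result = line.split(",")
        events.append(Event(user, datetime.fromisoformat(ts), country, result))
    return sorted(events, key=lambda e: e.ts)


def hour_distance(a, b):
    """Distance between two hours of day on a 24-hour circle."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def score_event(ev, base):
    """Return (risk score, reasons) for one event against the user's baseline."""
    score, reasons = 0, []
    if base.countries and ev.country not in base.countries:
        score += 40; reasons.append("new_country")
    if base.hours and all(hour_distance(ev.ts.hour, h) > 2 for h in base.hours):
        score += 20; reasons.append("unusual_hour")
    recent = [t for t in base.failures if timedelta(0) <= ev.ts - t <= BURST_WINDOW]
    if len(recent) >= 3:
        score += 30; reasons.append("failure_burst")
        if ev.result == "success":
            score += 20; reasons.append("success_after_burst")
    return score, reasons


def tier_for(score):
    if score >= ESCALATE_AT:
        return "escalate"
    if score >= STEP_UP_AT:
        return "step_up"
    return "log"


def triage(text):
    """Score every event in the log and decide how each one is handled."""
    baselines = defaultdict(Baseline)
    results = []
    for ev in parse_log(text):
        base = baselines[ev.user]
        score, reasons = score_event(ev, base)
        tier = tier_for(score)
        results.append({"user": ev.user, "ts": ev.ts.isoformat(),
                        "score": score, "tier": tier, "reasons": reasons})
        # Failures always feed the burst detector, but only non-escalated events
        # are allowed to shape the baseline, so that suspicious sign-ins cannot
        # teach the model that their location or hours are normal.
        if ev.result == "failure":
            base.failures.append(ev.ts)
        if tier != "escalate":
            base.countries.add(ev.country)
            base.hours.add(ev.ts.hour)
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['ts']} {r['user']:<6} score={r['score']:<4} {r['tier']:<9} {','.join(r['reasons'])}")
```

The point of the design is in the last few lines of `triage`: a risk score decides not only who looks at an event but also whether that event is trusted enough to update the behavioural baseline. Without that guard, a burst of sign-ins from an unfamiliar country would quickly become "normal" and stop being flagged.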

“Microsoft’s security software tools, automation and hyper-scale cloud infrastructure enable our security experts to reduce the time to detect, investigate, analyse, respond, and recover from cyberattacks,” said Laidler.

Enterprises can download the full Cyber Defense Operations Center strategy brief here.
